Alerting

Custom Alert Action Arguments

Communicator

I wrote a Python 3.7.3 script to interact with our paging system's web api. It takes three parameters from the alert's html UI: To, From, and Message. Inspecting the Job for the alert, I can see that the correct values are assigned to these parameters, however, we never receive a page. I believe that perhaps I am not reading them into the script correctly using sys.stdin.read() and parsing out the values. Any guidance would be appreciated.

Script: (constants declarations not included)

if __name__ == "__main__":
    try:
        # Get Arguments
        payload = json.loads(sys.stdin.read())
        payload = payload['configuration']
        _to = payload['to']
        _from = payload['from']
        _message = payload['message']

        # Start a request session
        session = requests.Session()

        # Get Access Token
        auth = '%s:%s' % (CONSUMER_KEY, CONSUMER_SECRET)
        encodedCred = str(base64.b64encode(bytes(auth, 'ascii')))[2:-1]

        header = {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Bearer ' + encodedCred}
        body = "grant_type=client_credentials"
        request = requests.Request('POST', TOKEN_URL, data=body, headers=header)
        prepped = request.prepare()
        response = session.send(prepped, verify=False)

        if response.status_code != 200:
            sys.exit(1)

        prettyJSON = json.loads(response.text)
        token = prettyJSON['access_token']

        # Send Page
        query_parameters = {'To': _to,
                            'From': _from,
                            'Message': _message
                            }
        header = {"Authorization": "Bearer  %s" % token, "Accept": "application/json"}
        request = requests.Request('POST', PAGE_URL, data=query_parameters, headers=header)
        prepped = request.prepare()
        response = session.send(prepped, verify=False)

        if response.status_code != 200:
            sys.exit(1)

    except Exception as ex:
        sys.exit(1)

alert_actions.conf:

[ui]
is_visible = 1
label = Send a Page

[launcher]
author = sochsenbein
description = Send a page using the web api
version = 1.0

[install]
state = enabled
is_configured = 1

HTML:

<form class="form-horizontal form-complex">

    <div class="control-group">
        <label class="control-label" for="send_a_page_from">From </label>
        <div class="controls">
            <textarea name="action.send_a_page.param.from" id="send_a_page_from" placeholder="// your username here"></textarea>
        </div>
    </div>

    <div class="control-group">
        <label class="control-label" for="send_a_page_to">To </label>
        <div class="controls">
            <textarea name="action.send_a_page.param.to" id="send_a_page_to" placeholder="// comma separate usernames"></textarea>
        </div>
    </div>

    <div class="control-group">
        <label class="control-label" for="send_a_page_message">Message </label>
        <div class="controls">
            <textarea name="action.send_a_page.param.message" id="send_a_page_message" placeholder="// remember to keep the message short..."></textarea>
        </div>
    </div>

</form>

Documentation/References:
https://docs.splunk.com/Documentation/Splunk/7.2.6/AdvancedDev/CustomAlertConvertScripted
https://docs.splunk.com/Documentation/Splunk/7.2.6/AdvancedDev/ModAlertsCreate
https://answers.splunk.com/answers/442603/how-do-i-get-the-8-standard-alert-action-script-pa-1.html

0 Karma
1 Solution

Communicator

I found that Splunk has its own symlink that points to Python 2.7, so after changing the code to work with Python 2.7, the scripts works fine.

View solution in original post

0 Karma

Communicator

I found that Splunk has its own symlink that points to Python 2.7, so after changing the code to work with Python 2.7, the scripts works fine.

View solution in original post

0 Karma

Builder

Hi,
I just worked on a script that takes arguments. Here are the bits you need I believe:

payload = json.loads(sys.stdin.read())
config = payload['configuration']
_to = config.get('to')
_from = config.get('from')
_message = config.get('message')

Make sure you're importing the right Splunk libraries as well (not sure you need all these)
import sys, os
import splunk
import json
from urllib import urlencode
import urllib2

0 Karma

Communicator

@jnudell_2 the script works when ran from the command line. The imports I use are sys, requests, json, and base64 (Python 3.7.3). I compared that to another script we have that does work and it's only using sys, json, and urllib2. I am using those functions you listed, as well, minus the "get", I believe that's just Python 2. In 3 you can do var[key]. Do you know if Splunk logs errors for failed scripts? I looked through splunkd_stderr.log and splunkd_stdout.log but nothing referencing the script.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!